Transport Layer Security (TLS) Requirements
Required TLS Versions
-
TLS 1.3 - preferred
-
TLS 1.2 - allowed for compatibility
Prohibited Protocols
-
SSLv2
-
SSLv3
-
TLS 1.0
-
TLS 1.1
TLS Requirements
-
Redirect HTTP to HTTPS
-
Use HTTPS for all authenticated and sensitive pages
-
Avoid mixed HTTP/HTTPS content
-
Use valid certificates with the correct Subject Alternative Name
-
Use certificates issued by a trusted certificate authority for public applications
-
Use organization-approved internal certificates for internal-only applications
-
Disable TLS compression where configurable
-
Patch TLS libraries and web server software regularly
Cipher Requirements
Approved Cipher Characteristics
-
Forward-secret key exchange, preferably ECDHE
-
Strong authenticated encryption, preferably AES-GCM or ChaCha20-Poly1305
-
SHA-256 or SHA-384
-
Minimum 128-bit encryption strength
Disallowed Cipher Components
-
RC4
-
DES / 3DES
-
NULL ciphers
-
EXPORT ciphers
-
Anonymous cipher suites
-
MD5-based cipher suites
-
SHA1-only legacy cipher suites where avoidable
-
Static RSA key exchange
-
Static DH/ECDH key exchange
-
CBC-mode cipher suites where possible
-
DSS/DSA-based cipher suites
-
Weak DHE configurations using insufficient DH parameters
Approved TLS 1.3 Cipher Suites
-
TLS_AES_256_GCM_SHA384
-
TLS_AES_128_GCM_SHA256
-
TLS_CHACHA20_POLY1305_SHA256
Approved TLS 1.2 Cipher Suites
-
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
OpenSSL / Nginx-style Equivalents
-
ECDHE-RSA-AES256-GCM-SHA384
-
ECDHE-RSA-AES128-GCM-SHA256
-
ECDHE-ECDSA-AES256-GCM-SHA384
-
ECDHE-ECDSA-AES128-GCM-SHA256
-
ECDHE-RSA-CHACHA20-POLY1305
-
ECDHE-ECDSA-CHACHA20-POLY1305
Disallowed / Legacy Cipher Patterns
-
TLS_RSA_*
-
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
-
TLS_RSA_WITH_3DES_EDE_CBC_SHA
-
TLS_RSA_WITH_RC4_128_SHA
-
TLS_RSA_WITH_RC4_128_MD5
-
TLS_RSA_WITH_AES_128_CBC_SHA
-
TLS_RSA_WITH_AES_256_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-
TLS_DH_anon_*
-
TLS_NULL_*
-
TLS_*_EXPORT_*
Cipher Exception Handling
-
Legacy ciphers require a documented business justification, affected hostname/application, required legacy dependency, compensating controls, planned remediation date, and security approval.
-
Legacy requirements should be isolated to a dedicated endpoint whenever possible instead of weakening the primary application endpoint.
Rationale
Deprecated TLS versions and weak ciphers are vulnerable to:
-
downgrade attacks
-
known cryptographic exploits
-
traffic decryption risks
HSTS Subdomain Note
-
Do not use includeSubDomains unless all subdomains are confirmed HTTPS-ready and approved by security.
-
Using includeSubDomains applies HSTS to every subdomain under the parent domain and can break applications that are not ready for HTTPS.
-
For shared or umbrella domains, use host-specific HSTS unless subdomain enforcement is intentionally approved.
HTTP Security Headers (Required)
Strict Transport Security (HSTS)
Strict-Transport-Security:
-
max-age=31536000
Prevents:
-
SSL stripping
-
downgrade to HTTP
Content Security Policy (CSP)
Content-Security-Policy:
-
default-src 'self';
Mitigates:
-
Cross-Site Scripting (XSS)
-
malicious script injection
Note: Start with a basic CSP or report-only mode, then tune it per application. CDNs, third-party scripts, and embedded content may need approved source exceptions.
X-Content-Type-Options
X-Content-Type-Options:
-
nosniff
Prevents:
-
MIME-type confusion attacks
X-Frame-Options
X-Frame-Options:
-
DENY
Prevents:
-
clickjacking attacks
Header Set Up
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: default-src 'self';
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), microphone=(), camera=()
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Purpose:
-
Enforce HTTPS (HSTS)
-
Prevent XSS and injection attacks (CSP)
-
Prevent MIME-type confusion (nosniff)
-
Prevent clickjacking (X-Frame-Options)
-
Limit data leakage (Referrer-Policy)
-
Restrict browser feature abuse (Permissions-Policy)
-
Enforce origin isolation (COOP/CORP)
CSP Implementation:
Note: The baseline CSP (default-src 'self') may break applications using:
-
CDNs
-
third-party scripts
-
embedded content
CSP should be tuned per application where required.
Cache-Control (Recommended)
Cache-Control:
-
no-store
Prevents:
-
sensitive data caching
Implementation Guidance
Nginx Example
-
ssl_protocols TLSv1.2 TLSv1.3;
-
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305;
-
add_header Strict-Transport-Security "max-age=31536000";
-
add_header Content-Security-Policy "default-src 'self';";
-
add_header X-Content-Type-Options "nosniff";
-
add_header X-Frame-Options "DENY";
-
add_header Referrer-Policy "strict-origin-when-cross-origin";
Apache Example
-
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
-
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305
-
Header set Strict-Transport-Security "max-age=31536000"
-
Header set Content-Security-Policy "default-src 'self';"
-
Header set X-Content-Type-Options "nosniff"
-
Header set X-Frame-Options "DENY"
-
Header set Referrer-Policy "strict-origin-when-cross-origin"
IIS Example
-
<add name="Strict-Transport-Security" value="max-age=31536000" />
-
<add name="Content-Security-Policy" value="default-src 'self';" />
-
<add name="X-Content-Type-Options" value="nosniff" />
-
<add name="X-Frame-Options" value="DENY" />
-
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />